Gates pushed change in security culture at Microsoft

But how much of an effect did 'Trustworthy Computing' have?

Nearly six and a half years ago, in the aftermath of the September 11 terrorist attacks and amid concerns about growing online threats, then-Microsoft CEO Bill Gates sent out a companywide e-mail that some consider his most important ever.

The January 15, 2002, memo was simply titled "Trustworthy Computing," and it stressed the need for Microsoft to focus on security and build more-reliable products that could withstand future threats.

"If we don't do this, people simply won't be willing -- or able -- to take advantage of all the other great work we do," Gates wrote. "Our responsiveness has been unmatched -- but as an industry leader we can and must do better."

On Monday, when Gates retires officially from Microsoft, he will leave behind a company which, by most accounts has done just that, at least on the security front.

"Gates set the vision" with his memo, said Khalid Kark an analyst at Forrester Research. According to Kark, Gates set into motion a series of fundamental changes at Microsoft and how it develops its products -- changes that have helped the company make considerable progress in addressing security issues. Windows Server 2003, released in late 2003, became the first operating system to ship after the Trustworthy Computing initiative went into effect.

Gates' memo gave marching orders to then-Microsoft Chief Technology Officer Craig Mundie and led to the creation of a costly new process at Microsoft called the Security Development Lifecycle (SDL), which was meant to ensure that security flaws were caught during the product development cycle -- not after products were released. Millions of dollars were spent to ensure that every single in-house developer went through an SDL training process.

The memo also yielded a new monthly patch delivery cycle, which despite the occasional hiccups, many consider a model in the software industry. Over the years, the memo also set the tone for a gradual thawing of the once icy relationship between Microsoft and the security research and bug-hunter community.

The memo was in many ways an acknowledgment by Gates that Microsoft's single-minded focus on ease-of-use and new features had trumped product security at a time when malicious attackers were using the Internet to lethal effect. "When we face a choice between adding features and resolving security issues, we need to choose security," Gates wrote in his memo.

"In the pre-2001 days, Gates was the biggest reason why Microsoft was having so many security problems," said John Pescatore an analyst at Gartner. "He was a market-driven guy who said that consumers didn't want more security but more ease of use.

"When Gates had his epiphany and wrote his memo, he really forced a lot of changes at Microsoft," Pescatore said. Importantly, the changes were not just at the technical level but also in the manner in which Microsoft evaluated product managers, how it reviewed product performance internally and how it decided something was ready to be released. The focus was no longer just on product functionality but also on security, he said.

While Gates' memo may have set the tone at Microsoft, it did little immediately to change public perceptions about the insecurity of Microsoft's enterprise products, Kark said. In fact, the company has had a harder time than it probably expected convincing buyers that the changes it implemented have resulted in more-secure products, he said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Bitdefender 2019

This Holiday Season, protect yourself and your loved ones with the best. Buy now for Holiday Savings!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?